Aliases: W32/Pintae.A Worm, Worm/Pintae.A, W32/Namuki, W32/Vanneo.B.worm, Win32:Gatina-B
Variants: N/A
Classification: Malware
Category: Computer Worm
Status: Active & Spreading
Spreading: Slow
Geographical info: Some parts of Asia, Europe, North and South America, Africa and Australia
Removal: Easy
Platform: W32
Discovered: 07 Nov 2006
Damage: Low
Characteristics: This worm was discovered on November 7, 2006. It is a mass-mailing worm that also propagates through network shares. The operating systems it mostly affects are Windows 2000, 95, 98, Me, NT, Server 2003 and XP.
If you have Malware on your computer it will cause annoyances and will damage your system. You should either:
A. Manually remove the infected files from your computer, or
B. Automatically scan your system using trusted software
RECOMMENDED:
We recommend that you scan your system for malware. Our partner has a computer worm removal tool to automatically clean this worm from your computer.
Once the worm is executed, it performs several actions to propagate. The worm arrives as a file attachment to emails. It creates copies of itself as MSKernell.bat under the %UserProfile% folder, AutoRun.bat under %System% and Exit to DosPrompt.pif under %Windir%. In the D$ or C$ folder, the worm copies itself as Readme.scr. It then creates another file, info.txt, which contains some system information including the user name, computer name and SMTP information. The worm adds and modifies values in the system registry subkey. After that, the worm emails itself as a file attachment to email addresses from the Windows Address Book. Lastly, the worm has the ability to disable some processes which are believed to be security-related. These include System Restore, Windows Firewall, Windows Security Center, Windows Task Manager and WinPatrol.
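The file names and locations listed above can be checked on a suspect machine. The following is an added example, not part of the original entry or any vendor tool; it assumes %System% resolves to the System32 folder under %Windir% and that C$ and D$ are the drive roots. A match is a lead for a full scan, since names such as AutoRun.bat are not unique to this worm.

```python
import os

# File names and locations taken from the description above.
# info.txt is left out: the entry gives no location and the name is too generic.
INDICATORS = [
    ("USERPROFILE", "MSKernell.bat"),
    ("SYSTEM", "AutoRun.bat"),
    ("WINDIR", "Exit to DosPrompt.pif"),
    ("C_ROOT", "Readme.scr"),
    ("D_ROOT", "Readme.scr"),
]

def default_roots(env=os.environ):
    """Map the entry's placeholders to folders (assumed Windows layout)."""
    windir = env.get("WINDIR", r"C:\Windows")
    return {
        "USERPROFILE": env.get("USERPROFILE", ""),
        "WINDIR": windir,
        "SYSTEM": os.path.join(windir, "System32"),  # assumption for %System%
        "C_ROOT": "C:\\",
        "D_ROOT": "D:\\",
    }

def find_artifacts(roots):
    """Return sorted paths of regular files whose name matches an indicator."""
    hits = []
    for key, name in INDICATORS:
        root = roots.get(key)
        if not root or not os.path.isdir(root):
            continue  # folder absent on this machine (for example no D: drive)
        try:
            entries = os.listdir(root)
        except OSError:
            continue  # unreadable folder: skip rather than abort the sweep
        for entry in entries:
            full = os.path.join(root, entry)
            # Windows file names are case-insensitive, so compare lowercased.
            if entry.lower() == name.lower() and os.path.isfile(full):
                hits.append(full)
    return sorted(hits)

if __name__ == "__main__":
    for path in find_artifacts(default_roots()):
        print("possible worm artifact:", path)
```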
The worm connects to remote servers to download unwanted content onto the user’s computer. These downloaded components are installed on the user’s machine stealthily. They may contain illicit code that adds to the system’s vulnerability. This program enters a computer through loopholes in the security program of the system. It also takes advantage of system exploits to infiltrate a computer. Reports indicate that exploits are one of the easiest ways to enter a computer without being detected by the user.